Cisco cops to enterprise IOS XE vulnerability

Patch published

Cisco’s latest operating system update ships with a vulnerability that could let hackers seize control of network devices.

The giant has admitted to the hole in its IOS XE release 16.1.1 that, if exploited, would let an attacker force a device to reload.

IOS XE is Cisco’s operating system for routers, switches and appliances but 16.1.1 was only for the enterprise-class 3650/3850 stackable switches.

The update shipped in early December.

You can see the main features here, but top-line features included the ability to upgrade the WCM independently along with GUI improvements.

Cisco has issued a software update, warning that there is no workaround you could implement.

“The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload,” Cisco said in an advisory here. ®